eb2352be78d6e27b49a661d55104e24f3ef14d0e6d67fed43c3bdfbf49b4531b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 01:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca1d06ac9123d95a554d8e086f929180N.exe
Size

44KB
MD5

ca1d06ac9123d95a554d8e086f929180
SHA1

47d5269f27647e5116d68abb399e6b364b36641a
SHA256

eb2352be78d6e27b49a661d55104e24f3ef14d0e6d67fed43c3bdfbf49b4531b
SHA512

f41f9240060b57a71fa2d48aae50b1fe8cf66d32505f1b52ed3912c8198fc09d5e0bba90d2908372cc8286e0bdfe84f6d0f00d74535179ef82375bb83cb73fb2
SSDEEP

768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFHOO:W7ZppApBULcfpHLcfpyDn

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (3244) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\UnlockLimit.wax.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	ca1d06ac9123d95a554d8e086f929180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	ca1d06ac9123d95a554d8e086f929180N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ca1d06ac9123d95a554d8e086f929180N.exe

C:\Users\Admin\AppData\Local\Temp\ca1d06ac9123d95a554d8e086f929180N.exe
"C:\Users\Admin\AppData\Local\Temp\ca1d06ac9123d95a554d8e086f929180N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
45KB

MD5
96ade37da1978cf95f185ec0a0041481

SHA1
c7e13130c4b925a04285c84e87a4ab9ae0c93493

SHA256
90d05ce244385e9ed1f684fc87eb452ca81cdd64f0949891c1446dbfd524a297

SHA512
9b3572d1a02f129ac963dfd5398f3604968c5068ae0bbfc640d64f8bff0dafff2204fddb47dfc2b0c02bf8270f49a44af3b7e35987b21f2e1386c69d09e52755

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
51c3694f10aceaf4d9f57e2a856a5007

SHA1
4fd84bf7ac1af9bac51e8d2b2cfbcfe4745fc5d9

SHA256
0b2654220d58bcb58157d227bdf864c39fadb15d34db8319bc5fb83a64b5e88f

SHA512
8d7c6810ffeef162c0b237cba23537640da2e4099f0dbb04fbc1e0153383227e91ab2e6662ec67fe95ade2e92f6efd3cc78717e400a31972a6734afa4db09189

Download Submit